From 2972e8b5d5d1cc223e81e4fceef819333bbeb075 Mon Sep 17 00:00:00 2001
From: Adrian Holovaty <adrian@holovaty.com>
Date: Thu, 18 Aug 2005 16:45:15 +0000
Subject: [PATCH] Improved session code to force creation of a new session key
 if the given session key doesn't exist -- for extra security

git-svn-id: http://code.djangoproject.com/svn/django/trunk@536 bcc190cf-cafb-0310-a4f2-bffc1f526a37
---
 django/middleware/sessions.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/django/middleware/sessions.py b/django/middleware/sessions.py
index 41cf3daf025..614db5d0a88 100644
--- a/django/middleware/sessions.py
+++ b/django/middleware/sessions.py
@@ -44,6 +44,9 @@ class SessionWrapper(object):
                     self._session_cache = s.get_decoded()
                 except sessions.SessionDoesNotExist:
                     self._session_cache = {}
+                    # Set the session_key to None to force creation of a new
+                    # key, for extra security.
+                    self.session_key = None
             return self._session_cache
 
     _session = property(_get_session)